MGASA-2026-0129

Source
https://advisories.mageia.org/MGASA-2026-0129.html
Import Source
https://advisories.mageia.org/MGASA-2026-0129.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2026-0129
Upstream
Published
2026-05-13T07:00:52Z
Modified
2026-05-13T07:16:40.737621094Z
Summary
Updated apache packages fix security vulnerabilities
Details

http2: double free and possible RCE on early reset. (CVE-2026-23918)
mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072)
buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). (CVE-2026-28780)
mod_md unrestricted OCSP response. (CVE-2026-29168)
mod_dav_lock indirect lock crash. (CVE-2026-29169)
mod_auth_digest timing attack. (CVE-2026-33006)
mod_authn_socache crash. (CVE-2026-33007)
HTTP response splitting forwarding malicious status line. (CVE-2026-33523)
Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857)
Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string). (CVE-2026-34032)
Heap Over-Read and memory disclosure in ajp_parse_data(). (CVE-2026-34059)

References
Credits

Affected packages

Mageia:9 / apache

Package

Name
apache
Purl
pkg:rpm/mageia/apache?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.67-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0129.json"